Bouncer (previously Tuersteher Light)

Discussion in 'other anti-malware software' started by MrBrian, Jan 25, 2014.

  1. hjlbx

    hjlbx Guest

    Most recent Admin Tool ... 1.6.3

    I use tray icon to access Admin Tool.

    Bouncer no longer installed since too many startup processes...
     
  2. 4Shizzle

    4Shizzle Registered Member

    Joined:
    May 27, 2015
    Posts:
    179
    Location:
    Europe
    @hjlbx: Are you sure that all these processes are really started up by TrayApplication? I think something is wrong with that taskmanager measurement. I just tried to set notepad.exe, conhost, cmd.exe and BouncerTray to [blacklist] with [#LETHAL]. If BouncerTray was set up to startup it was the only thing started up on reboot -- no notepad, no conhost, no cmd.exe on my Windows machine.

    It does not make sense that bouncer's tray app starts notepad, and if so: you should see that there is notepad.exe running after startup/restart. I guess that TaskManager measurement isn't correct here.

    Do you have installed some other applications (prefetch stuff, optimization tools etc)? Maybe there is some interference here.
     
  3. hjlbx

    hjlbx Guest

    Bouncer in non-Lethal mode.

    Nothing wrong with Task Manager.

    No other applications installed interfering with Bouncer or Task Manager.

    Install Bouncer. Problem begins.

    Uninstall Bouncer. Problem stops.

    Seen by other dedicated Bouncer users.

    It is Bouncer bug.
     
  4. 4Shizzle

    4Shizzle Registered Member

    Joined:
    May 27, 2015
    Posts:
    179
    Location:
    Europe
    Referencing your screenshot, what exactly happens - or what is the problem? Maybe I do not get the whole story.

    Is it correct that you install bouncer in [#LETHAL] mode and after restart you encounter that BouncerTray.exe has started several

    cmd.exe (=also conhost)
    notepad.exe
    SvcControlMgr

    Is this what happens?

    So you should see these executables in the taskmanager's processes overview. Or if you just for tracking down the problem set them to the [BLACKLIST] you should see that BouncerTray.exe starts these processes on re-boot/startup in the bouncer.log file. If there are no such processes in taskmanager and if they are not blocked (if you tried to [BLACKLIST] them) in the log, they were not executed by BouncerTray.exe.

    From your screenshot it is also clear that it is not bouncer (bouncer driver), it is BouncerTray.exe - if it is the cause - for problem. I will test it here again on my Win 8.1 (64-bit) later this day and share my findings (if any).
     
  5. 4Shizzle

    4Shizzle Registered Member

    Joined:
    May 27, 2015
    Posts:
    179
    Location:
    Europe
    I think I know what is happening. If while start-up any process was blocked by the driver then the tray application (BouncerTray.exe) will get notified and auto check the log file, it seems that the tray app then also checks the driver's status what seems to be done using cmd.exe/conhost, so these executables are measured as part of the start-up of BouncerTray.exe. If there is nothing blocked and the tray app is not signalled then there is no such "huge" start-up capacity needed. Said "huge" is a bit misleading, a normal user will not feel anything, this is the rating of TaskManager :)

    If there was nothing blocked, I do not see anything in my Startup-Info in TaskManager. It seems not to be a bug, and there are no ghost (zombie) processes running as it was assumed by the original posting (which was a bit misleading to be honest).

    Btw: tray application is optional, must not be used. As far as I know from developer it was just made to have something to show. The intention was (and is?) that bouncer runs in the background without any additional tools running in tray bar or something else.
     
  6. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    @hjlbx I was finally able to reproduce this issue after reading the recent comments from @4Shizzle to help narrow this down. It definitely has to do with things being blocked during system startup (or in particular, non-lethal as well for logging and signal check). I added C:\Windows\System32\* to Blacklist in non-lethal mode which I knew would do some massive amounts of logging. I was able to get the Task Manager's Startup info to show 112 processes associated with BouncerTray.exe. However, the good news is that, looking in Process Explorer afterward, none of these processes are actually stuck running under BouncerTray.exe or running at all. So this is not a bug, just simply the way in which Windows' Task Manager Startup info measures that performance data during startup only.

    EDIT: These 112 processes consisted of: conhost.exe, cmd.exe and sc.exe which are utilized by the logging/signalling/control of BouncerTray as I understand it.
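
The check described in the post above (confirming that nothing is still running under BouncerTray.exe) can also be done from PowerShell. This is an added example, not part of the thread or of the Bouncer tools; it assumes PowerShell 3.0 or later, and Get-LiveDescendant is a hypothetical helper name.

```powershell
# Added example (not from the thread): list processes that are still alive
# and descend from BouncerTray.exe. Requires PowerShell 3.0+ (Get-CimInstance).
$all = @(Get-CimInstance -ClassName Win32_Process)

function Get-LiveDescendant {
    param(
        [Parameter(Mandatory = $true)] $Parent,
        [Parameter(Mandatory = $true)] [object[]] $Snapshot
    )
    foreach ($p in $Snapshot) {
        # A child must name the parent's PID and must not be older than the
        # parent; the age check filters out stale links left by PID reuse.
        if ($p.ParentProcessId -eq $Parent.ProcessId -and
            $p.ProcessId -ne $Parent.ProcessId -and
            $p.CreationDate -ge $Parent.CreationDate) {
            $p
            # Recurse so conhost.exe under cmd.exe is reported as well.
            Get-LiveDescendant -Parent $p -Snapshot $Snapshot
        }
    }
}

$trays = @($all | Where-Object { $_.Name -eq 'BouncerTray.exe' })

if ($trays.Count -eq 0) {
    Write-Output 'BouncerTray.exe is not running.'
} else {
    $children = @(foreach ($tray in $trays) {
        Get-LiveDescendant -Parent $tray -Snapshot $all
    })
    if ($children.Count -eq 0) {
        Write-Output 'No live child processes under BouncerTray.exe.'
    } else {
        $children |
            Select-Object Name, ProcessId, ParentProcessId, CreationDate, CommandLine |
            Format-Table -AutoSize -Wrap
    }
}
```

An empty result some time after logon matches what was seen in Process Explorer: the Startup tab counted short-lived cmd.exe, conhost.exe and sc.exe launches that have already exited.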
     
  7. hjlbx

    hjlbx Guest

    @WildByDesign
    @4Shizzle

    Perhaps someone could report issue with screenshot to Florian ?

    Florian and crew need infos so they can reproduce on their specific systems.

    If they cannot reproduce, then they will not investigate further - since, as far as they are concerned - they have nothing to investigate.
     
  8. hjlbx

    hjlbx Guest

    @WildByDesign

    So... To avoid issue, don't use Bouncer tray icon to access Admin Tool ?

    Bouncer interface is a little "flaky" or "quirky."

    For example, if create desktop shortcut and pin Admin Tool to task bar, then when open Admin tool via shortcut or task bar - the Admin Tool is "empty" (no rules are shown).

    Of course, these sort of quirks are nothing detrimental - just minor stuff that needs to be fixed - so as to avoid confusion.
     
  9. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    After thinking about this a bit more, I don't think that would make a difference whether accessing Admin Tool from BouncerTray or by its own executable. This just comes down to the way that Microsoft has programmed that Startup tab within Task Manager.

    This part I can clarify more. The developer has designed Admin Tool this way. Users had requested that the Admin Tool auto-load the user's config file to make things quicker and easier, which made great sense. So when the user accesses Admin Tool directly through BouncerTray, this auto-loading of the config file occurs. However, when starting Admin Tool up by itself, whether by shortcut or starting the executable, in that case the Admin Tool does not auto-load the config file. The reason for that is because Bouncer is used by Administrators to manage the configurations of multiple configuration files to distribute and in that case, the auto-loading of a local config file would be a hindrance. Admins would be loading and saving different configuration files from different locations in comparison to local config file.

    There are a few possibilities though. Maybe the developer could add a command line argument such as "Admin Tool.exe /load /local" or something like that which could allow regular users to create a desktop shortcut that would load Admin Tool and auto-load config file. Another possibility could be to have a regular user version of Admin Tool and also a separate Administrator version, but I think that would defeat the purpose since it is intended for Admins. Another possibility could be for the developer to create BouncerTray as a Windows service, but I don't know if that would be more beneficial or not.

    In your case, I would recommend just using Admin Tool through BouncerTray for the most convenience since that Startup visual glitch would still occur either way. This seems to only occur when there is a lot of logging for Bouncer to do during startup while Windows is booting. I would suggest to figure out what all is being logged during the time when that occurs.

    One thing that I would like to discuss with the developer sometime is if the alerting that BouncerTray does can be delayed X amount of seconds during startup, depending on if that is what would be causing that activity. That is my assumption. The driver itself does the logging. But what BouncerTray does is alert the user based on what is being blocked/logged by using Windows system notifications, balloon popups or toasts depending on Windows version. I will look into this some more myself and will communicate with Florian in the next few days and I will get back to you on this.
     
  10. 4Shizzle

    4Shizzle Registered Member

    Joined:
    May 27, 2015
    Posts:
    179
    Location:
    Europe
    Thanks @WildByDesign for clarifying. I asked Florian, there is already a command line switch in the Admin Tool :)

    Just call

    Code:
    "Admin Tool.exe" localhost
    from the command prompt or set it in your LNK properties. This works awesome :-D I can then see the local content of the .ini file.
     
  11. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    @4Shizzle Awesome, thanks for the info for the command line switch. :thumb:

    Also, just in case anyone is wondering. There is also a command line switch for BouncerTray to disable operating system alerts. This would disable any OS related alerts (balloons, toasts, etc.) relating to Bouncer. You would still have the BouncerTray icon turning to red to alert you.
    Code:
    BouncerTray.exe nopopups

    Some Pumpernickel related news:

    https://excubits.com/content/en/products_beta.html
    Pumpernickel updated in Beta Camp
    2016/01/10

     
  12. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    URGENT: Do NOT install the latest Pumpernickel builds in Beta Camp from today (2016/01/10). I had some significant issues with this build and I will contact Florian ASAP to notify him and likely pull the build until I figure out what went wrong.
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Thanks on the warning but exactly what was the issue that caused alarm for you?
     
  14. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    You're welcome. I don't usually get alarmed too easily, but this latest build of the Pumpernickel was causing Windows to be completely unbootable, even in non-lethal mode. So I wanted to give a heads up here first since I had posted about it, then contacted Florian right away and gave him as many details as I was able to dig up. I assume that it is working correctly in his development systems, but for whatever reason it is not working well on mine. Within the Windows session it was fine, but when it came to rebooting, no luck. I will keep everyone here up to date with whatever Florian says went wrong. It's too bad because I was really excited about the whitelist/blacklist functionality added with this build.
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Such uneventful occurrences unfortunately do crop up so it's good to have on hand a ready-image just for those rare but shocking unexpected interruptions. Not very often anymore but then again you're dealing with a really powerful "driver" somewhat still in its infancy to a point.

    Thanks @WildByDesign for all that you do in testing these although it can test your mettle sometimes. I certainly would be testing all of these myself if the drivers were signed but I prefer signed stable drivers on my current rig.
     
  16. 4Shizzle

    4Shizzle Registered Member

    Joined:
    May 27, 2015
    Posts:
    179
    Location:
    Europe
    Looks like Pumpernickel has been updated. I've quickly checked it on a 64-bit Windows 8.1 and it works (also on reboot). Will do more testing and provide more feedback here.
     
  17. Online_Sword

    Online_Sword Registered Member

    Joined:
    Aug 21, 2015
    Posts:
    146
    I have a problem in installing "pump".

    I do my test in a 32-bit win7 system. I first run Pumpernickel.inf in the x86 folder. I find that the Pumpernickel.sys file is actually installed into system32/drivers folder.

    Then I run the script file "start_driver.cmd", but I get an error, as shown in the following screenshot:


    The Chinese characters in the screenshot above mean that: Error 2. The system cannot find the file specified.

    I have restarted the virtual machine, but got the same error. This error also happened when I wanted to try MemProtect.

    Does anyone know how to solve this?
     
  18. 4Shizzle

    4Shizzle Registered Member

    Joined:
    May 27, 2015
    Posts:
    179
    Location:
    Europe
    @Online_Sword: Have you copied pumpernickel.ini (and for MemProtect memprotect.ini) into C:\Windows\

    To do a fresh re-install you can remove the driver files and driver-service:

    Code:
    net stop pumpernickel
    sc delete pumpernickel
    del c:\Windows\System32\drivers\pumpernickel.sys
    then install the driver using inf file.

    On Windows 8.1 everything works out of box. Sorry, I don't have Win 7 here, so I can't test more.
     
  19. Online_Sword

    Online_Sword Registered Member

    Joined:
    Aug 21, 2015
    Posts:
    146
    Thank you @4Shizzle , after copying the ini file to C:\Windows\ it works now!:thumb:
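
A pre-flight check for the Error 2 case resolved in the two posts above, as an added PowerShell example that is not part of the thread or of the Excubits tools. It assumes the driver service is named pumpernickel (as in the net stop command above), that the .sys file sits in System32\drivers (where the .inf put it according to the earlier report), and PowerShell 3.0 or later; Test-DriverInstall is a hypothetical helper name.

```powershell
# Added example (not from the thread): check the three things the driver
# start depends on before running start_driver.cmd.
function Test-DriverInstall {
    param([string] $Name = 'pumpernickel')   # service name used in the thread

    $ini = Join-Path $env:windir "$Name.ini"
    $sys = Join-Path $env:windir "System32\drivers\$Name.sys"
    # Win32_SystemDriver lists kernel driver services known to the SCM.
    $svc = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$Name'"

    [pscustomobject]@{
        Driver            = $Name
        IniInWindowsDir   = Test-Path -LiteralPath $ini
        SysInDriversDir   = Test-Path -LiteralPath $sys
        ServiceRegistered = [bool]$svc
        ServiceState      = if ($svc) { $svc.State } else { 'n/a' }
        ImagePath         = if ($svc) { $svc.PathName } else { 'n/a' }
    }
}

$r = Test-DriverInstall -Name 'pumpernickel'
$r | Format-List

if (-not $r.IniInWindowsDir) {
    # The condition that produced "Error 2" in the thread.
    Write-Warning "$($r.Driver).ini is missing from $env:windir; copy it there before starting the driver."
}
if (-not $r.SysInDriversDir -or -not $r.ServiceRegistered) {
    Write-Warning "Driver file or service entry is missing; reinstall using the .inf file."
}

# Assumption: MemProtect uses 'memprotect' as its service name, matching memprotect.ini.
# Test-DriverInstall -Name 'memprotect' | Format-List
```

Run it from a PowerShell of the same bitness as the OS; a 32-bit shell on 64-bit Windows sees a redirected System32 and can report the .sys file as missing.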
     
  20. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    The Pumpernickel driver is moving along quite well thanks to bugs reported and feature suggestions by users here. In addition to the READ_ONLY_MODE, the next release of Pumpernickel driver will include the ability to intercept file CREATE, COPY and RENAME operations as well. Several reported bugs have already been fixed in internal versions of the driver already. The internal version of the driver needs to go through a bit more testing before it will reach the Beta Camp page, but I am quite excited already.
     
  21. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I may have to wait until Pumpernickel driver is signed before trying it. I don't have a beta test machine right now, and I don't like allowing unsigned drivers on my work machine. I have to replace the motherboard on my test machine. Hopefully I will be able to soon.
     
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Same here. Better safe than sorry.

    @WildByDesign can attest to the surprise unexpected dangers from Beta testing unsigned drivers. Just glad that they got things ironed out pronto for it.
     
  23. @Cutting_Edgetech

    I had to replace the motherboard on my desktop (stupidly had forgotten to keep the plastic CPU socket protection, so lost the guarantee). Was able to find a mobo from the same series (a cheaper model). Windows 10 did not complain after reboot (as I had hoped). Windows 10 worked perfect until the OS updated. Then Windows 10 asked for a new serial key (re-activation due to hardware change). I entered my Windows 7 key and it accepted it.

    Regards Kees
     
  24. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    If I remember correctly my socket size is a 1366, and I don't think they manufacture them anymore. I did not see them on Newegg, and that's where I purchased the mobo. I have a Core i7 3.2 GHz, but I don't remember the exact processor at the moment. I can use speccy to get the rest of the info. I hope I can find a good replacement mobo! The processor is still good, and it's super fast.

    Edit: This is the mobo that went bad. I have the same mobo on another computer also. https://www.asus.com/Motherboards/SABERTOOTH_X58/
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Thank You on your confirmation to pumpernickel working OK immediately and onward since you began it. I only yesterday outfitted a new HDD to another rig and it's an 8.1 so those results are very useful for me on this end. I assume that you're also testing it in the "unsigned" beta version.
     